Liftlines Forums

Here you'll find helpful tips regarding the operation of the Discussion Boards at First Tracks!! Online, as well as general announcements for our users.

Another hack <sigh>

Wed Sep 28, 2016 11:59 am

Apologies to those who, for a relatively short time this morning, attempted to access FTO via a mobile device and got ads for porn sites instead. Beginning shortly after 7 a.m. MT this morning this behavior was occurring, and by 10 a.m. the problem was resolved.

For those techies who are curious about the specifics, a couple of WordPress's PHP files buried deep in the core of the CMS were altered to create modified .htaccess files that redirected visitors using mobile devices. While it's not entirely clear how they gained access to the server to upload those modified files, passwords have been changed and a new malware/hack scanner has been installed on the server.
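An added example, not part of the original post and not the scanner the site installed: a check for the kind of .htaccess change described above, where a `RewriteCond` on the mobile User-Agent is followed by a `RewriteRule` pointing at a foreign host. The function name, the token list, the sample file and the hostnames are all constructed for illustration.

```python
import re
import sys
from urllib.parse import urlparse

# Assumed list of User-Agent substrings typical of mobile-only redirect rules.
MOBILE_TOKENS = re.compile(
    r"android|iphone|ipad|ipod|blackberry|mobile|opera mini|windows phone", re.I)

def find_mobile_redirects(htaccess_text, own_hosts):
    """Return (line_no, host) for each RewriteRule that sends mobile
    user agents to a host outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    ua_cond_pending = False  # a mobile User-Agent RewriteCond awaits its rule
    for line_no, raw in enumerate(htaccess_text.splitlines(), start=1):
        parts = raw.strip().split(None, 3)
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            pattern = " ".join(parts[2:])
            if "%{http_user_agent}" in parts[1].lower() and MOBILE_TOKENS.search(pattern):
                ua_cond_pending = True
        elif directive == "rewriterule" and len(parts) >= 3:
            # RewriteCond lines apply only to the next RewriteRule.
            host = (urlparse(parts[2]).hostname or "").lower()
            # Skip relative targets and server-variable hosts such as %{HTTP_HOST}.
            if ua_cond_pending and host and not host.startswith("%") and host not in own:
                findings.append((line_no, host))
            ua_cond_pending = False
    return findings

# Constructed sample: stock WordPress rules plus an injected mobile redirect.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_USER_AGENT} (android|iphone|ipad|blackberry) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "opera mini" [NC]
RewriteRule ^(.*)$ http://ads.example.invalid/in.php [R=302,L]
"""

if __name__ == "__main__":
    # Usage: script.py site-hostname [.htaccess ...]; no files scans the sample.
    own = sys.argv[1:2] or ["www.example.org"]
    texts = [open(p, errors="replace").read() for p in sys.argv[2:]] or [SAMPLE]
    for text in texts:
        print(find_mobile_redirects(text, own))
```

Because the redirect only fires for mobile User-Agents, a desktop check of the site looks clean; reading the rules directly avoids that blind spot.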

Re: Another hack <sigh>

Thu Sep 29, 2016 10:07 am

Yep, saw that when I went to check the news and figured it was a hack yesterday...

Re: Another hack <sigh>

Fri Sep 30, 2016 10:45 am

As an addendum, this morning I figured out how they were getting in. Our download manager was allowing unauthenticated AJAX calls to execute arbitrary functions. This would allow an attacker to upload arbitrary files and perform a variety of other malicious tasks. That hole has now been plugged.
All content herein copyright 1999-2017 First Tracks!! Online Media